Google announced in May that, during an internal audit of its Street View data collection policies, it found it had been “mistakenly collecting samples” of user data sent over unencrypted Wi-Fi networks, such as e-mail, user passwords and browsing history. The code used to grab user data came from an “experimental WiFi project,” and Google says it was inadvertently added to the Street View data collection software. Google’s internal audit was prompted by a request from Germany’s privacy authorities.
Aims of the multistate investigation
The multistate investigation wants to find out the following:
– Was [the personal user] data collected by Google ever extracted and if so, when and why;
– How did purportedly unauthorized code — which captured data broadcast over unencrypted WiFi networks — become part of a Street View computer program;
– Who inserted what Google calls unauthorized code into the program and why;
– Have there been other instances of engineers writing unauthorized code into Google products to capture consumer data, and if so provide all instances and full details;
– Why did Google save data it says was accidentally collected.
Blumenthal previously asked Google to provide information about its internal policies and procedures for processing and handling data collected by the Street View program; what steps Google has taken to stop unauthorized data snooping in the future; how and when Google learned it was capturing user data; why Google recorded the signal strength and quality of Wi-Fi networks; and copies of any audits or reviews of Street View conducted by Google or a third party.
A timeline of Google’s Wi-Fi data snooping gaffe
The announcement of a multistate investigation is just the latest problem to come out of the controversy over Google’s Wi-Fi data snooping scandal. Here’s a quick breakdown of what’s already happened.
April 27, 2010: Google submits a report to privacy protection authorities in several countries detailing its Street View Wi-Fi data collection policies. Google’s report says that it collects publicly broadcast Wi-Fi access point information so it can approximate a user’s location based on surrounding cell towers and Wi-Fi access points. This technology is used in products such as Google Maps’ My Location feature. Google states in the report that it “never collects the content of any communications” sent over Wi-Fi networks. You can read Google’s report here (PDF).
May 5, 2010: The Data Protection Authority in Hamburg, Germany asks to audit Google’s Wi-Fi collection data. This request prompts Google to “re-examine everything” it had been collecting during its Street View project.
June 9, 2010: Google releases a report by third-party security consulting firm Stroz Friedberg that reviews Google’s Street View software that collected Wi-Fi data, how it worked, and what data it gathered. You can read the report here (PDF).
June 10, 2010: Google asks that the eight lawsuits over the data breach, as well as any future suits, be consolidated into one case to be heard in a court near Google HQ in Mountain View, California.